Information for Researchers

If you're a researcher, explore our findings about tackling security issues in an ever-challenging world. We've been researching cybersecurity for 25 years, so we have many resources to help you. Ask yourself the following questions and read on.

Read our FAQ to learn more about the CERT Division; watch videos and see other artifacts that summarize our latest research. If you have questions, please feel free to contact us.

How Can You Tell If Software Is Vulnerable?

CERT/CC Blog
Our team members regularly contribute to the CERT/CC blog to discuss vulnerability discovery, analysis, and disclosure. The team also presents techniques for managing and mitigating vulnerabilities. Team members discuss current research in these areas and in the field of secure coding.

What Constitutes Secure Programming?

We perform research and development in the area of secure coding to create tools that support the creation of secure code right from the start and others that detect code vulnerabilities. We also work with the software development and security communities to research and develop secure coding standards for commonly used programming languages and for smartphone platforms (Android, iOS, Win8). Current secure coding research includes the following:

Thread Role Analysis
Thread role analysis research focuses on flaws involving incorrect thread usage. These flaws lead to vulnerabilities such as race conditions and deadlock.

Mobile Standards and Analysis
The Mobile Standards and Analysis research extends CERT Secure Coding Standards and our software analysis (SCALe) research and development to mobile platforms, including Android, iOS (iPhone and iPad), and Windows Phone 8.

Secure Coding Standards
We coordinate the development of secure coding standards by security researchers, language experts, and software developers using a wiki-based community process.

Pointer Ownership Model
Incorrect use of pointers is a common source of bugs and vulnerabilities in C and C++. We are working on an approach that helps developers ensure that their designs and code are secure.

Integer Security
Integer overflow and wraparound are a growing and underestimated source of vulnerabilities in C and C++ programs. Our researchers have worked on a number of solutions for addressing the issue of integer security.

What Makes a Network Secure?

We develop cutting-edge analysis techniques and tools for operational use in high-impact environments so that organizations are better able to defend their networks from potential attacks. Our current research in this area includes the following topics: Scalable Intrusion Detection, Anomaly Detection, Network Profiling, Incident Handling, Advanced Persistent Threat / Intrusion Set Studies, Closed Network Defense, Indicator Expansion, Sophisticated Malware Detection, Metrics and Measurement, Network Defense Architecture and Engineering, Network Security Test Beds, and Network Security Prototyping.

What Makes Incident Management Effective?

We support the international response team community by helping organizations and national CSIRTs develop, operate, and improve incident management capabilities. Read about our incident management work or learn about the related current research topics:

What Are the Latest Patterns Discovered in Insider Threat Cases?

Our work in the field of insider threat enables effective insider threat programs by performing research, modeling, analysis, and outreach to define socio-technical best practices so that organizations are better able to deter, detect, and respond to evolving insider threats. Our current research is based on analysis in the Insider Threat Database and includes the following:

Controls and Indicators
The CERT insider threat lab creates controls and indicators derived from our wealth of socio-technical information on insider crimes. These controls and indicators are designed to help organizations prevent, detect, and respond to insider attacks.

Case Analysis
Our analysis cases help private industry, government, and law enforcement better understand, detect, and possibly prevent harmful insider activity. We study real insider threat cases to identify how to protect organizational assets. The team includes U.S. Secret Service (USSS) behavioral psychologists and CERT information security experts who collect information on insider threat cases that occur in U.S. critical infrastructure sectors.

Modeling and Simulation
The CERT Division's insider threat modeling and simulation work combines empirical data collected by CERT staff members and system dynamics modeling and simulation to convey both the "big picture" and complexity of the insider threat problem.

How Should You Incorporate Security into Software Development and Acquisition Processes?

Our work in the area of cybersecurity engineering addresses security and survivability throughout the software development and acquisition lifecycles. Our current research topics include the following:

SQUARE
This research and its resulting tool help organizations to build security, including privacy, into the early stages of the production and acquisition lifecycles.

Software Security Assurance Measurement and Analysis
The goal of this research is to develop a risk-based approach for measuring and monitoring the security characteristics of interactively complex, software-reliant systems across the lifecycle and supply chain.

Supply Chain Assurance
This research can help acquirers by describing an approach to assuring the security of supply chains.

Software Assurance Framework
This research project provides a way to model aspects of the assurance ecosystem, such as security, and examine the gaps, barriers, and incentives that affect how you form, adopt, and use assurance solutions.

How Can Resilience Be Measured?

As part of our work in resilience, we develop methods that help organizations manage operational risk and improve operational resilience. Our research in resilience management identifies process improvement capabilities that help organizations ensure their important assets continually and effectively support business processes and services.

Keep Up with the Latest

CERT/CC Blog
Our team members regularly contribute to the CERT/CC blog to discuss vulnerability discovery, analysis, and disclosure. The team also presents techniques for managing and mitigating vulnerabilities. Team members discuss current research in these areas and in the field of secure coding.

Malware Analysis Apprenticeship
This five-day, hands-on course provides participants with an opportunity to learn best practices for analyzing malicious code.

Advanced Forensic Response and Analysis
The CERT Advanced Forensic Response and Analysis course is designed for computer forensic professionals who are looking to build on a solid knowledge base in incident response and forensic analysis.

Secure Coding in C and C++
This four-day course provides a detailed explanation of common programming errors in C and C++ and describes how these errors can lead to code that is vulnerable to exploitation.

Learn About Our Tools

Our open source tools can help with an array of tasks that help you improve the security of your software or respond to security incidents.

Explore Our Research

We conduct research in a variety of areas. Explore the research pages for our work areas, and contact us to discuss how we can collaborate to advance this research or discuss new research opportunities. In addition, you can collaborate with us to refine existing coding standards for C, C++, Java, Perl, and the Android platform; join the secure coding wiki to get involved. Contact us to contribute to the development of new secure coding standards for languages including Ada, C#, Fortran, Python, JavaScript, and SPARK or the iOS or Windows 8 smartphone platforms.

Read About FloCon 2017

FloCon 2017, an annual network security conference, takes place in San Diego, California in January 2017. Contact us if you need more information.

Collaborate with Us

Contribute to our research by collaborating with us. Let us know which research topics interest you.